Let’s list them.Įxplore VSAN from StarWind StarWind VSAN White PaperĪdditional security considerations Introduction I added separate disks to hold the backup data.
Once the server installation is complete, update it. That part is described plentiful over the internet, so I will no repeat it here. So, grab Ubuntu 20.04.1 and spin up a server.
You can use the hardened repositories for both primary backups and backup copies Install an Ubuntu serverįirst, we need one or more Linux repositories setup that use the XFS file system. For those needs, you will not use immutability.Īny use case where immutability is vital is one where you must seriously consider using the hardened repository.
Note that certain backup chain types are not compatible with immutable repositories (more on that later). I always recommend the latter if you can. You use it as a standard repository or, as an extent in a scale-out backup repository. The use cases for the hardened repository are the same as for other repositories. XFS also supports this flag, so with that, all the requirements are met, and the plan comes together.
Last but not least, to achieve immutability, Veeam leverages the immutability “i” flag. Hence the file system of choice is XFS, which delivers the same benefits as ReFS. That is because it is all done via metadata operations.
Fast Clone makes synthetic full backups incredibly fast, and they don’t consume any disk space. For backup copy jobs, this means that GFS settings are a hard requirement. All this means that only forward incremental with periodic synthetic or active full backups are supported. The backup chain only can create new files without changing any of the existing ones. Because the Veeam backup chains must be compatible with immutable files, Veeam cannot change or delete any existing backup files during the specified period of immutability. Let’s dive into that why Fast Clone makes the difference here. XFS Reflink achieves the same benefits as ReFS in terms of speed and space consumption. My readers know I am a big fan of ReFS for Veeam repositories. That is the version that delivers the best “Reflink” (Fast Clone in Veeam speak) functionality with the XFS file system, according to Veeam.įigure 2: I’m using Ubuntu 20.04.1 LTS in the lab For now, that is Ubuntu 20.4 LTS, which uses kernel v5.4. So what else do we need? A supported Linux distro to provide the storage. That is the version where Veeam introduced hardened repositories. We already know we need Veeam Backup & Replication V11. Veeam does not require that kind of access to function, which means the Veeam backup fabric users and accounts cannot delete backups. It merely means that the backup files cannot be changed or deleted from the Linux server’s storage without having root access. The hardened repository in Veeam Backup & Replication V11 provides the air-gap or immutability we need. Veeam hardened Linux repository in v11 provides immutability You can do this using any server with storage that meets the requirements combined with several supported Linux distros and the XFS file system. In Veeam Backup & Replication V11, they introduced the ability to build your own immutable, hardened backup repositories. Veeam had such capabilities via 3 rd parties with tape, WORM disk storage, S3 compatible storage with object-lock and compliance mode in AWS, other clouds, or on-premises solutions. What you need is an air-gapped capability to ensure your ability to restore data. But as always, you have to face the hard possibility that bad actors will succeed in wiping or encrypting your environment’s data. In response to the above, Veeam keeps improving its defensive capabilities to deal with the ransomware threat. It is a world where existing threats evolve to perfect the vectors to deliver their malicious payloads with devastating results.įigure 1: Assume breach ( Photo by Kevin Horvat on Unsplash) It is also about ever-changing threat landscapes. That is not only about new capabilities or enhancing existing features.
As the IT landscape changes, the needs and requirements of their customers also evolve with it. Veeam Backup & Replication V11 keeps improving and moving ahead. Finally, we discuss the security measure you should take to harden the repository host.
We also show you how to set up an Ubuntu Linux server for this purpose. In part I, we introduce you to the hardened repository and why we need that. StarWind Virtual Tape Library (VTL) OEM.